+
+#################################################################################
+#
+# shockwave-flash: Kill embedded Shockwave Flash objects
+# Note: Better just block "/.*\.swf$"!
+#
+#################################################################################
+FILTER: shockwave-flash Kill embedded Shockwave Flash objects
+
+s|<object [^>]*macromedia.*</object>|<!-- Squished Shockwave Object -->|sigU
+s|<embed [^>]*(application/x-shockwave-flash\|\.swf).*>(.*</embed>)?|<!-- Squished Shockwave Flash Embed -->|sigU
+
+
+#################################################################################
+#
+# quicktime-kioskmode: Make Quicktime movies saveable
+#
+#################################################################################
+FILTER: quicktime-kioskmode Make Quicktime movies saveable
+
+s/(<embed\s+[^>]*)kioskmode\s*=\s*(["']?)true\2/$1/ig
+
+
+#################################################################################
+#
+# fun: Text replacements for subversive browsing fun!
+#
+#################################################################################
+FILTER: fun Text replacements for subversive browsing fun!
+
+# SCNR
+#
+s/microsoft(?!.com)/MicroSuck/ig
+
+# Buzzword Bingo (example for extended regex syntax)
+#
+s* (?:industry|world)[ -]leading \
+| cutting[ -]edge \
+| customer[ -]focused \
+| market[ -]driven \
+| award[ -]winning # Comments are OK, too! \
+| high[ -]performance \
+| solutions[ -]based \
+| unmatched \
+| unparalleled \
+| unrivalled \
+*$0<sup><font color="red"><b>Bingo!</b></font></sup> \
+*igx
+
+# For Germans only
+#
+s/(M|m)edien(?![^<]*>)/$1ädchen/Ug
+
+#################################################################################
+#
+# crude-parental: Crude parental filtering? (Use along with a suitable blocklist).
+# Shows how to deny access to whole page based on a keyword.
+#
+#################################################################################
+FILTER: crude-parental Crude parental filtering (demo only)
+
+# (Note: Middlesex, Sussex and Essex are counties in the UK, not rude words)
+# (Note #2: Is 'sex' a rude word?!)
+
+s%^.*(?<!middle)(?<!sus)(?<!es)sex.*$%<html><head><title>Blocked</title></head><body><h3>Blocked due to possible adult content. Please see <a href="http://dmoz.org/Kids_and_Teens/">this site</a>.</h3></body></html>%is
+s+^.*warez.*$+<html><head><title>No Warez</title></head><body><h3>You're not searching for illegal stuff, are you?</h3></body></html>+is
+
+
+#################################################################################
+#
+# IE-Exploits: Disable some known Internet Explorer bug exploits
+#
+#################################################################################
+FILTER: ie-exploits Disable some known Internet Explorer bug exploits
+
+# Note: This is basically a demo and waits for someone more interested in IE
+# security (sic!) to take over.
+
+# Cross-site-scripting:
+#
+s%f\("javascript:location.replace\('mk:@MSITStore:C:'\)"\);%alert\("This page looks like it tries to use a vulnerability described here:\n http://online.securityfocus.com/archive/1/298748/2002-11-02/2002-11-08/2"\);%siU
+
+# Address bar spoofing (http://www.secunia.com/advisories/10395/):
+#
+s/(<a[^>]*href[^>]*)(\x01|\x02|\x03|%0[012])/$1MALICIOUS-LINK/ig
+
+# Nimda:
+#
+s%<script language="JavaScript">(window\.open|1;''\.concat)\("readme\.eml", null, "resizable=no,top=6000,left=6000"\)</script>%<br><font size="7"> WARNING: This Server is infected with <a href="http://www.cert.org/advisories/CA-2001-26.html">Nimda</a>!</font>%g
+
+
+#################################################################################
+#
+#
+# site-specifics: Cure for site-specific problems. Don't apply generally!
+#
+# Note: The fixes contained here are so specific to the problems of the
+# particular web sites they are designed for that they would be a
+# waste of CPU cycles (or even destructive!) on 99.9% of the web
+# sites where they don't apply.
+#
+#################################################################################
+FILTER: site-specifics Cure for site-specific problems. Don't apply generally!
+
+# www.spiegel.de excludes X11 users from viewing Flash5 objects - shame.
+# Apply to: www.spiegel.de/static/js/flash-plugin.js
+#
+s/indexOf\("x11"\)/indexOf("x13")/
+
+# www.quelle-bausparkasse.de uses a very stupid redirect mechanism that
+# relies on a webbug being present. Can we tolerate that? No!
+# Apply to: www.quelle-bausparkasse.de/$
+#
+s/mylogfunc()//g
+
+# groups.yahoo.com has splash pages that one needs to click through in
+# order to access the actual messages. Let the browser do that. Thanks
+# to Paul Jobson for this one:
+#
+s|<a href="(.+?)">(?:Continue to message\|Weiter zu Nachricht)</a>|<meta http-equiv="refresh" content="0; URL=$1">|ig
+
+# monster.com has two very similar gimmicks:
+#
+s|<input type="hidden" name="REDIRECT" value="(.+?)">|<meta http-equiv="refresh" content="0; URL=$1">|i
+
+s|<IMG SRC="http://media.monster.com/mm/usen/my/no_thanks_211x40.gif".+?>|<meta http-equiv="refresh" content="0; URL=http://my.monster.com/resume.asp">|i
+
+# nytimes.com triggers popups through the onload handler of dummy images
+# to fool popup-blockers.
+#
+s|(<img [^>]*)onload|$1never|sig
+
+# Pre-check all the "Discard" buttons in GNU Mailman's web interface.
+# (This saves a lot of mouse aiming practice when flushing spamtraps)
+#
+s|(<INPUT name="\d{2,4}" type="RADIO" value="0") CHECKED |$1|g
+s|<INPUT name="\d{2,4}" type="RADIO" value="3" |$0 checked|g
+
+
+